[manjaro-security] [ASA-202103-19] vivaldi: multiple issues

Morten Linderud via arch-security arch-security at lists.archlinux.org
Fri Mar 26 21:13:02 CET 2021


Arch Linux Security Advisory ASA-202103-19
==========================================

Severity: High
Date    : 2021-03-25
CVE-ID  : CVE-2020-27844 CVE-2021-21159 CVE-2021-21160 CVE-2021-21161
          CVE-2021-21162 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166
          CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170
          CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174
          CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178
          CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182
          CVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186
          CVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190
          CVE-2021-21191 CVE-2021-21192 CVE-2021-21193
Package : vivaldi
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1633

Summary
=======

The package vivaldi before version 3.7.2218.45-1 is vulnerable to
multiple issues including arbitrary code execution, insufficient
validation, access restriction bypass, content spoofing, incorrect
calculation and information disclosure.

Resolution
==========

Upgrade to 3.7.2218.45-1.

# pacman -Syu "vivaldi>=3.7.2218.45-1"

The problems have been fixed upstream in version 3.7.2218.45.

Workaround
==========

None.

Description
===========

- CVE-2020-27844 (arbitrary code execution)

A heap-based buffer overflow was discovered in lib/openjp2/t2.c:973 in
the current master (commit 18b1138fbe3bb0ae4aa2bf1369f9430a8ec6fa00) of
OpenJPEG.

- CVE-2021-21159 (arbitrary code execution)

A heap buffer overflow security issue was found in the TabStrip
component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21160 (arbitrary code execution)

A heap buffer overflow security issue was found in the WebAudio
component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21161 (arbitrary code execution)

A heap buffer overflow security issue was found in the TabStrip
component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21162 (arbitrary code execution)

A use after free security issue was found in the WebRTC component of
the Chromium browser before version 89.0.4389.72.

- CVE-2021-21163 (insufficient validation)

An insufficient data validation security issue was found in the Reader
Mode component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21165 (arbitrary code execution)

An object lifecycle security issue was found in the audio component of
the Chromium browser before version 89.0.4389.72.

- CVE-2021-21166 (arbitrary code execution)

An object lifecycle security issue was found in the audio component of
the Chromium browser before version 89.0.4389.72.

- CVE-2021-21167 (arbitrary code execution)

A use after free security issue was found in the bookmarks component of
the Chromium browser before version 89.0.4389.72.

- CVE-2021-21168 (access restriction bypass)

An insufficient policy enforcement security issue was found in the
appcache component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21169 (information disclosure)

An out of bounds memory access security issue was found in the V8
component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21170 (content spoofing)

An incorrect security UI security issue was found in the Loader
component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21171 (content spoofing)

An incorrect security UI security issue was found in the TabStrip and
Navigation components of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21172 (access restriction bypass)

An insufficient policy enforcement security issue was found in the File
System API component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21173 (information disclosure)

A side-channel information leakage security issue was found in the
Network Internals component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21174 (incorrect calculation)

An inappropriate implementation security issue was found in the
Referrer component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21175 (incorrect calculation)

An inappropriate implementation security issue was found in the Site
isolation component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21176 (incorrect calculation)

An inappropriate implementation security issue was found in the full
screen mode component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21177 (access restriction bypass)

An insufficient policy enforcement security issue was found in the
Autofill component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21178 (incorrect calculation)

An inappropriate implementation security issue was found in the
Compositing component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21179 (arbitrary code execution)

A use after free security issue was found in the Network Internals
component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21180 (arbitrary code execution)

A use after free security issue was found in the tab search component
of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21181 (information disclosure)

A side-channel information leakage security issue was found in the
autofill component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21182 (access restriction bypass)

An insufficient policy enforcement security issue was found in the
navigations component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21183 (incorrect calculation)

An inappropriate implementation security issue was found in the
performance APIs component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21184 (incorrect calculation)

An inappropriate implementation security issue was found in the
performance APIs component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21185 (access restriction bypass)

An insufficient policy enforcement security issue was found in the
extensions component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21186 (access restriction bypass)

An insufficient policy enforcement security issue was found in the QR
scanning component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21187 (insufficient validation)

An insufficient data validation security issue was found in the URL
formatting component of the Chromium browser before version
89.0.4389.72.

- CVE-2021-21188 (arbitrary code execution)

A use after free security issue was found in the Blink component of the
Chromium browser before version 89.0.4389.72.

- CVE-2021-21189 (access restriction bypass)

An insufficient policy enforcement security issue was found in the
payments component of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21190 (arbitrary code execution)

An uninitialized use security issue was found in the PDFium component
of the Chromium browser before version 89.0.4389.72.

- CVE-2021-21191 (arbitrary code execution)

A use after free security issue was found in the WebRTC component of
the Chromium browser before version 89.0.4389.90.

- CVE-2021-21192 (arbitrary code execution)

A heap buffer overflow security issue was found in the tab groups
component of the Chromium browser before version 89.0.4389.90.

- CVE-2021-21193 (arbitrary code execution)

A use after free security issue was found in the Blink component of the
Chromium browser before version 89.0.4389.90. Google is aware of
reports that an exploit for this issue exists in the wild.

Impact
======

A remote attacker might be able to bypass security measures, trick the
user into performing unwanted actions or execute arbitrary code.

References
==========

https://vivaldi.com/blog/desktop/minor-update-2-for-vivaldi-desktop-3-6/
https://vivaldi.com/blog/vivaldi-fires-up-performance-2/
https://github.com/uclouvain/openjpeg/issues/1299
https://github.com/uclouvain/openjpeg/pull/1301
https://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
https://crbug.com/1171049
https://crbug.com/1170531
https://crbug.com/1173702
https://crbug.com/1172054
https://crbug.com/1111239
https://crbug.com/1174582
https://crbug.com/1177465
https://crbug.com/1161144
https://crbug.com/1152226
https://crbug.com/1166138
https://crbug.com/1111646
https://crbug.com/1152894
https://crbug.com/1150810
https://crbug.com/1154250
https://crbug.com/1158010
https://crbug.com/1146651
https://crbug.com/1170584
https://crbug.com/1173879
https://crbug.com/1174186
https://crbug.com/1174943
https://crbug.com/1175507
https://crbug.com/1182767
https://crbug.com/1049265
https://crbug.com/1105875
https://crbug.com/1131929
https://crbug.com/1100748
https://crbug.com/1153445
https://crbug.com/1155516
https://crbug.com/1161739
https://crbug.com/1165392
https://crbug.com/1166091
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
https://crbug.com/1167357
https://crbug.com/1181387
https://crbug.com/1186287
https://security.archlinux.org/CVE-2020-27844
https://security.archlinux.org/CVE-2021-21159
https://security.archlinux.org/CVE-2021-21160
https://security.archlinux.org/CVE-2021-21161
https://security.archlinux.org/CVE-2021-21162
https://security.archlinux.org/CVE-2021-21163
https://security.archlinux.org/CVE-2021-21165
https://security.archlinux.org/CVE-2021-21166
https://security.archlinux.org/CVE-2021-21167
https://security.archlinux.org/CVE-2021-21168
https://security.archlinux.org/CVE-2021-21169
https://security.archlinux.org/CVE-2021-21170
https://security.archlinux.org/CVE-2021-21171
https://security.archlinux.org/CVE-2021-21172
https://security.archlinux.org/CVE-2021-21173
https://security.archlinux.org/CVE-2021-21174
https://security.archlinux.org/CVE-2021-21175
https://security.archlinux.org/CVE-2021-21176
https://security.archlinux.org/CVE-2021-21177
https://security.archlinux.org/CVE-2021-21178
https://security.archlinux.org/CVE-2021-21179
https://security.archlinux.org/CVE-2021-21180
https://security.archlinux.org/CVE-2021-21181
https://security.archlinux.org/CVE-2021-21182
https://security.archlinux.org/CVE-2021-21183
https://security.archlinux.org/CVE-2021-21184
https://security.archlinux.org/CVE-2021-21185
https://security.archlinux.org/CVE-2021-21186
https://security.archlinux.org/CVE-2021-21187
https://security.archlinux.org/CVE-2021-21188
https://security.archlinux.org/CVE-2021-21189
https://security.archlinux.org/CVE-2021-21190
https://security.archlinux.org/CVE-2021-21191
https://security.archlinux.org/CVE-2021-21192
https://security.archlinux.org/CVE-2021-21193
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20210326/d2462e9d/attachment-0001.sig>


More information about the manjaro-security mailing list